In this episode we discuss the importance of documentation for your HIPAA compliance program. You can be doing everything right, but without documentation there is no way for you to show anyone else that is the case. If you can't prove it, then you aren't doing it as far as OCR is concerned.


Glossary

A managed service provider (MSP) is a third-party contractor that is under contract (usually for a monthly fee) to provide ongoing technology support to other organizations.


Links

FindHealthcareIT


HIPAAforMSPS.com


KardonCompliance.com


ComplyAssistant.com


Notes

OCR says "don't just tell me you are compliant, show me you are"
What do you need to document?

Policies and Procedures, including archive history
Risk Analysis and Risk Assessment
Training for workforce (who, what, where, when)
Risk Mitigation project plans
Issue/Incident details
BAAs and BA Due Diligence
Activity monitoring reports and logs
Audit plans and results
Assessment plans and results
Inventories of software, hardware, etc.
Breach response plans and documentation

Spreadsheets and documents in folders or document management tools
Compliance Management tools